Gearbest hacked
Usernames and passwords (which were all stored unencrypted) have been publicly leaked
You didn't fall for the chink shopping meme, did you?
>A vulnerability in the GearBest app has been exploited to retrieve the user information.
>Several people have commented testifying to the list’s authenticity.
>One person says they’ve been able to log into more than 20 accounts with some of the details found there, while another says an item was bought through their account without their knowledge.
>GearBest app
Never used that
I did. Bought a cable. It never arrived.
unique password so I'm good. if competent they'll reset pws that were leaked.
>if competent
1. They're chinks
2. They didn't even use hashing and salting
3. They're fucking chinks
Seriously, fuck, need to change all my passwords now (since I use the same for everything).
I assumed every site in the universe only kept hashes these days.
> tfw aliexpress master race
Anyone have tips on 'algorithmic' passwords?
I suppose I could just append the first letter of the site's name to a common password, but is there anything more robust that's easy to remember and type in (muscle memory considered)?
You should have 3 tiers of passwords if you don't want to memorize too many
1. unimportant shit or sites which you can't fully trust
2. mildly important
3. Very important(E-Mail, PayPal, etc.)
>"""""hacked"""""
>implying they didn't sell it
you all niggas got CHINKED
>unencrypted
>usernames and passwords
Why are women allowed to write about technology?
i'd say email address is tier 4 and should have a unique password that is only used for it
I only log in using my google account. I never created a gearbest account. Am I fine ? Should I go full password reset errywhere ?
i'd say that's bullshit and you should have a strong and unique password for every site no matter how "trustworthy" or "important"
if you don't, you deserve to get hacked and your details stolen
Luckily I use different passwords for everything. For example my gearbest password is gearbest123, how can they possibly know that my gmail password is gmail123, or that my paypal password is paypal123? Checkmate chinks
hacking your paypal rn scrub, say bye to all your moneys
they deserve it for buying chinkshit
>Gearbest
Literally who
>bought from banggood and aliexpress but stayed away from gearbest as heard too many horror stories.
>my mail
>ctrl-f gearbest
>0 results
Implying AliExpress is less likely to get you chinked
you say that but how do you remember a million passwords for different websites
storing them all inside a truecrypt container i mount everytime i need a password cus fuck password managers
>not using unique passwords for anything important
NP. I use a unique password for every website.
If passwords were stored unencrypted then why is only the app affected?
>2. They didn't even use hashing and salting
>150
Yeah, it's nothing.
>being this dumb
>making assumptions about security WITH CHINKS
>"app"
>using your phone for shopping
They deserved it.
Jack ma saves us again
And that's why you use throw away emails and prepaid Visa gift cards when dealing with shady businesses.
but my gearbest uses the same email and password as my paypal and email address and my bank hasnt notified me that anything is wrong yet. I think youre full of shit
>but my gearbest uses the same email and password as my paypal and email address
150 users. Thank you for killing a thread.
>implying it didnt need to be killed in the first place
why do you autists get so shitty about muh old and dead threads
>think damage control
Better get LifeLock NOW buddy hahahahaha
pastebin.com
Someone answer this one please.
>hashing and salting
as long as you didn't use sha256 or other dumb hashing algorithms
>the last time i tried to log into my paypal with a proxy still enabled i was locked out of my account for 4 years
never again. luckily i know paypal would have my back in the rare case of someone gaining access to my account but christ those were 4 miserable years without access to internet money.
That's why I believe crypto will win eventually.
Whatever, unique throwaway passwords
Plus when I report the cc fraud I'll get another month of prime and year of aws. This is a win
Why would you not purchase those gift debit cards from supermarkets to buy chink shit? You trust them with your real details? No
There are a fuckton of leaks from every company pretty much.
Fake and gay
create a script which uses a static salt (very long and complex), put through a KDF with a lot of iterations and parallelism (argon2 or scrypt) and stretch the output bytes to 4096, convert it from hex to bin, filter the binary output using your ASCII keyspace (ex. tr -cd [:graph:]), then trim it to a fixed length of 16 or whatever.. You can literally do this in a one liner and save it. You can just plug in a relatively easy to remember password, it will take about 3-5 seconds and shit out a really good password. Assuming they even have access to your salt, you can NOT brute force using a KDF that takes 3-5 seconds to complete. It will never complete. Doesn't matter what hardware they run it on. It just won't happen.
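The derivation described in the post above, as an added example that is not part of the original post: a memorable master password and a static salt go through scrypt, the output is stretched to 4096 bytes, filtered to the `[:graph:]` keyspace and trimmed to 16 characters. The `site` and `counter` inputs, the function name and all sample values are assumptions introduced here, not details from the thread.

```python
import hashlib

# Printable, non-space ASCII: the same set `tr -cd '[:graph:]'` keeps.
GRAPH = frozenset(range(0x21, 0x7F))


def derive_password(master: str, static_salt: bytes, site: str = "",
                    counter: int = 1, length: int = 16,
                    n: int = 2**14, r: int = 8, p: int = 1) -> str:
    """Deterministically derive a password from a memorable master secret.

    site and counter are assumptions added for this example (the post does
    not mention them): they are mixed into the salt so every site gets its
    own password and a leaked one can be rotated by bumping the counter.
    """
    salt = b"|".join([static_salt, site.lower().encode(), str(counter).encode()])
    # Stretch to 4096 bytes as the post describes. n=2**14 keeps the example
    # fast; raise n (and maxmem with it) to reach a multi-second cost.
    raw = hashlib.scrypt(master.encode(), salt=salt, n=n, r=r, p=p,
                         maxmem=64 * 1024 * 1024, dklen=4096)
    # Dropping bytes outside the keyspace, instead of taking byte % 94,
    # keeps every character of the keyspace equally likely.
    kept = bytes(b for b in raw if b in GRAPH)
    if len(kept) < length:
        raise ValueError("not enough printable bytes for requested length")
    return kept[:length].decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not real secrets.
    SALT = b"constructed-example-salt-keep-yours-long-and-private"
    for site in ("gearbest", "aliexpress"):
        print(site, derive_password("constructed master phrase", SALT, site))
```

Because nothing is stored, the only way to change one site's password after a leak like this one is to change an input, which is what the counter is for.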
It doesn't matter. They used the app to exploit a vulnerability in their servers.
Nope. Can't log in to gearbest with any of the first 5.
how did they steal the passwords? isnt that shit encrypted
>trusting flavor of the month chink sites.
Reminder that having autistic-tier passwords is of absolutely no use in improving security if the site you use them on gets BTFO. Better to just have a long human-readable password that you can remember
Sucks to be you. Your Google account is now compromised too
Never use Google login for third party sites you don't trust
How is a password manager generated password bad?
if one of them gets BTFO the only thing that's relevant is whether or not you've reused it. people with shitty one word passwords will have most likely used it in other places too.
how about the fact you can't actually remember your logins and are now completely reliant on the password manager?
>how about the fact you can't actually remember your logins and are now completely reliant on the password manager?
why is this bad? i keep online and offline backups of my keepass file and have the password to it memorized.
If you log in using Google, FB, Twitter or any of that shit the API from those services is communicating with Gearbest. You're probably in a db table somewhere with a unique identifier, but as long as you're inputting your password in a Google form, your password should be safe
just append the site/company initials.
eg.
mid tier password used for buying shit online : azNpr!d3
company/site : aliexpress
final password : azNpr!d3ae
company/site : gearbest
final password : azNpr!d3gb
we went thru this a few /fucko/ threads ago. lurk moar bitch
i don't know man, i couldn't stand the idea of my shit being stored somewhere i may not be able to access or not knowing my passwords in general. you do what works for you.
this is way too obvious. shift the letters a certain number of times in the alphabet at least.
Bought from them before. Believe I never stored the card info for later use, since I would never trust stinky chinky. Either way, anybody have a way I can check?
They probably still stored your card info somewhere. You fucked up.
also, aliexpress = ae, gearbest = gb, google = gg? ge? go? gi for google inc? how the fuck are you gonna manage consistency with this retarded scheme
Probably better not to have consistency.
it's a simple barebone example for fucks sake, create your own methodology unless you want me to help you create all your passwords and take over your life. personally i just use the site name, like "he11ow0r!d_GIT~HUB".
fucken redditfag stop asking to be spoonfed
>claims retarded scheme
>actually most recommended password scheme on Sup Forums
Yeah mister wise guy. Tell us YOUR smart idea of a password algo then
are you serious? you're gonna have "ts" for twitter (s for social) and "ym" for yahoo (M for Marissa)? you don't see the problem here?
i've already mentioned all i use for my algo. it always uses the same two letters from the url but they are shifted several times independently of one another. i use the same method, just explaining why the example given here is shit.
>gets flaws pointed out in trivial example
>HURRR REDDIT ASKING TO BE SPOONFED
ok
>"he11ow0r!d_GIT~HUB"
i hope you realise how retarded this is. guess i'll go do some xmas shopping with "he11ow0r!d_AMA~ZON"